The latest scam YOU need to be aware of: 'tabnabbing'

Posted on June 10, 2010 - 6:55pm

Think ‘tabnabbing’ sounds like the latest prank involving filing supplies and the office clown? Think again. Tabnabbing (also referred to as tabnapping) is a new type of phishing attack that is sweeping the internet. Most phishing scams rely on you clicking on an embedded link or downloading a file you find in a suspect email, sketchy website or a pop-up window. Tabnabbing occurs in the background, after your focus shifts away from a malicious or compromised site.

“What we don’t expect is that a page we’ve been looking at will change behind our backs, when we aren’t looking. That’ll catch us by surprise,” said Aza Raskin, Firefox's creative lead who identified the attack. “Most people keep multiple tabs open, often for long periods.”

This attack uses JavaScript to discreetly change the contents of an open but not active tab in your browser to look like the log-in screen of a bank, credit card company, popular retail site, social networking site or email provider. This page transformation only occurs after the page becomes “inactive” while the victim moves to another tab or open program. The scammers are relying on users thinking they left a login page tab open.

"When they click back to the fake tab, they'll see the standard Gmail log-in page, assume they've been logged out, and provide their credentials to log in," says Raskin.

Raskin was able to recreate “tabnabbing” on his own blog to show users what to look for. You can try it here. After clicking the link, open a new tab, or simply click away from the page for a few seconds and then go back to the original tab. While the URL hasn’t changed, the original blog content you saw only moments ago has been replaced with what appears to be a Gmail login page. In this case the Gmail login page is just an image; however, in the case of an actual tabnabbing attack the page will be a functional login form.

In an actual attack, after the user enters their login information, it is sent back to the attacker, and the victim is then redirected back to the site they think they are logging into. This often goes completely undetected: the victim was usually never logged out in the first place, so it simply appears as if the login was successful, and they never realize that they just handed over all the credentials the attacker needed to access their account.

It is even possible for attackers to detect which sites are in your history as well as what sites you are currently logged into, and then customize the fake page to resemble a site you often use or are currently logged into, making this form of attack extremely effective and difficult to detect. All major browsers are susceptible to this attack.

Here’s what to watch for and how to avoid a potential tabnabbing attack and keep your identity, information, and login credentials safe:

Don't log in on a tab that you haven't opened yourself. Since the tabnabbing tactic banks on you trusting that you opened the tab -- and that the site simply timed out -- the best defense is this offensive move. In other words, if you see a tab that contains a seemingly legitimate log-in form, close it, then head to the site yourself in a new tab.

Enable browser settings and filters that will alert you to potential attacks. For Internet Explorer (IE) use SmartScreen. In Firefox and Chrome it's called "Phishing and Malware Protection"; Safari doesn't give it a name, but offers a setting that reads "Warn when visiting a fraudulent website" in the Security section of its Preferences.

Look at the URL in your browser's address bar before filling in any form or giving out any personal information, and verify that the URL matches the login page. If there’s a discrepancy, close the tab immediately.

Use a password manager. Third-party browser password managers like RoboForm for Windows or 1Password for Mac link saved log-in usernames and passwords to a specific URL. When you save the username and password on the log-in page of the legitimate site, the password manager won't auto-enter the username and password into a non-matching URL, which should alert you to a possible tabnabbing attempt.
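The URL-matching rule behind that last tip, as an added example (not code from the article, RoboForm or 1Password): a saved credential is bound to the origin where it was saved and is only filled into a page with exactly that origin, so a tabnabbed tab whose address does not match gets nothing, and a near-miss host produces a warning instead. The vault entries and hostnames are constructed.

```javascript
// Added example, not code from the article or from any password manager:
// the "saved credential is bound to a URL" rule that keeps a manager from
// auto-filling a tabnabbed login form. Each entry is keyed by the origin
// (scheme + host + port) where it was saved and is filled only into a page
// whose origin is exactly the same. Hosts and usernames are constructed.
const SAVED_LOGINS = [
  { origin: "https://mail.example.com", username: "alice" },
  { origin: "https://bank.example.org", username: "alice.b" },
];

// Levenshtein distance, used only to spot near-miss hostnames (rnail vs mail).
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const subst = d[i - 1][j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, subst);
    }
  }
  return d[a.length][b.length];
}

// What the manager does for a login form shown at pageUrl:
//   { action: "fill", username } : origin equals a saved entry's origin
//   { action: "warn", reason }   : no match, but the host is a near miss,
//                                  which is what a tabnabbed page looks like
//   { action: "none" }           : nothing saved resembles this page
function autofillDecision(pageUrl, vault = SAVED_LOGINS) {
  let page;
  try {
    page = new URL(pageUrl);
  } catch {
    return { action: "none" };
  }
  const exact = vault.find((e) => e.origin === page.origin);
  if (exact) return { action: "fill", username: exact.username };
  const host = page.hostname.toLowerCase();
  for (const e of vault) {
    const saved = new URL(e.origin).hostname;
    if (host === saved) {
      return { action: "warn", reason: "same host but different scheme or port" };
    }
    if (host.includes(saved) || editDistance(host, saved) <= 2) {
      return { action: "warn", reason: `host resembles saved site ${saved}` };
    }
  }
  return { action: "none" };
}
```

A form at `https://mail.example.com/login` is filled; `https://mail.example.com.evil-host.test/login`, `http://mail.example.com/` and `https://rnail.example.com/` are all refused with a warning.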

Thank you for confirming my OWN THOUGHTS on my own SMART PHONE, DROID 2...This has caused me SO many Problems..I first picked it up at a REAL site askLAWYERS.com but we blink, then I guess I got slammed with an EMAIL site instead asking for Credit card INFO..but I noticed the little GLOBE wasn't spinning on top. So Checked out LOWER Veri check, BUT addresses didn't match. So I LOOKED at that address. At the time I just thought AKAMIA is a strange name. But again this happened at NORTHWESTERN MEMORIAL HOSP, in EVANSTON ILL. Just like now wasting so much time trying to e..rase a letter this problem is driving me nuts...on this VERIZON/MOTOROLA/COMMUNIST CHINA PHONE. They kept DENYING a cell phone couldn't get a VIRUS or SOMETHING is PHISHING my Facebook over and over again..WHY, then at the Hosp site, it switched while I must have BLINKED, so again I checked site..again...AKAMIA, then it dawned on me this is their calling card..AKA..AS KNOWN AS, then MIA/ MISSING IN ACTION. I've tried to pass this on to San Fran POLICE, Google out there, + AskLAWYER.com, VERIZON is putting pressure on me to just turn in my cell, But can the PROBLEM come with me on my MEMORY CARD??? I need help on this phone, please. When I first used it, it had a letter/mail with a HAMMER & SICKLE on it!! PLUS RUSSIAN writing..why?? Do you know of anything..is this how messages are passed over the ocean, and I got the WRONG CELL? I have seen BIBLICAL STUFF, the PALESTINIANS will take over and enter the land with BO....& M...can't remember the names right now, with Computer code in between these other words in ENGLISH..plus every time I write a very long Email, it disappears..so sending off before again I'm frustrated... HELP with this DROID 2...is anyone else having or speaking uP I told VERIZON, since you have most of the TOWERS, maybe COMMUNIST CHINA wants usa people to get MAD at your phones to lower stock $ to take over companies.
Also Motorola..putting pressure on USA companies to DO IT THEIR COMMUNIST way or they play dirty??? 5het want usa ..